memori-extension
v1.0.2
Memory augmentation and LLM call interception using the Memori Python library with optional Zhipu API integration.
by @ian-at
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the bundle wraps the Memori Python library for local memory operations and exposes an optional Zhipu client that is only activated when ZHIPUAI_API_KEY is set. Required binaries (python3) and the declared Python dependency (memori) are appropriate.
Instruction Scope
SKILL.md and the code explicitly describe file reads/writes (local SQLite DB and optional tech terms file) and clearly document that conversation text is sent to Zhipu only if the ZHIPUAI_API_KEY env var is provided. The code also persists added tech terms when persist=True. There are no instructions to read unrelated system files or to exfiltrate secrets beyond the controlled Zhipu API call.
Install Mechanism
This is an instruction-only skill with included Python wrapper code; installation is via pip for memori (and optionally zhipuai). No downloads from untrusted URLs or extract/install steps are present in the manifest.
Credentials
No required credentials are declared. The only sensitive environment variable is ZHIPUAI_API_KEY (optional) which directly maps to the optional external augmentation feature. Other environment variables control local file paths and terms and are proportionate to the functionality.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It reads/writes its own local DB and optional config file; it does not modify other skills or global agent configuration.
Assessment
This skill appears coherent, but follow these precautions before enabling external features:
1) Test in local-only mode by leaving ZHIPUAI_API_KEY unset—this keeps all work on your machine.
2) Review the Memori and zhipuai packages (origin, maintainers) before pip installing.
3) If you do supply ZHIPUAI_API_KEY, understand that full conversation text (including system prompts and assistant responses) may be transmitted to Zhipu's servers.
4) Protect the local database and tech_terms file with appropriate file permissions and backups; the skill can append terms to the configured file.
5) If you need higher assurance, run the skill in a sandbox environment and inspect traffic to confirm only intended API calls occur.
Like a lobster shell, security has layers — review code before you run it.
latestvk97942p16vvdw3kvazak1gcvm18258kk
Runtime requirements
🧠 Clawdis
Any bin: python3
